jeemok / better-npm-audit

The goal of this project is to provide additional features on top of the existing npm audit options
https://www.npmjs.com/package/better-npm-audit
MIT License
118 stars 26 forks

Audit should provide info if it affects dev dependency or production #67

Open florianbader opened 2 years ago

florianbader commented 2 years ago

Really like the package. The only thing that kind of bothers me is that running the audit doesn't show you if it affects a dev dependency or a production dependency. When running the audit, it would be great to have a separate column that indicates if the found vulnerability only affects a dev dependency or also a production dependency. This makes it easier to decide if it should be excluded, e.g. high severity on a dev dependency is probably not as problematic as on production dependencies.

bencivjan commented 2 years ago

@jeemok Hey! Is help still needed on this issue?

jeemok commented 2 years ago

hey @bencivjan, yes please! :)

dchahuan commented 2 years ago

@jeemok Hey, would you like this to be added as a column or another table?